3 Cryptography-related concepts Plaintext is the original content which is readable as textual material. Plaintext needs protecting. Ciphertext is the result of encryption performed on plaintext using an algorithm. Ciphertext is not readable. Encryption is the process of turning plaintext into ciphertext, decryption is the inverse of the encryption. Cryptosystems = encryption + decryption algorithms Encryption, decryption process needs keys 3

9 Symmetric encryption techniques Triple DES: run the DES algorithm a multiple number of times using different keys Encryption: c ε k1 (D k2 (ε k1 (m))) Decryption: m D k1 (ε k2 (D k1 (c))) The triple DES can also use three different keys 9

10 Symmetric encryption techniques AES: Advanced Encryption Standard (Rijndael) Jan 2, 1997, NIST announced the initiation of a new symmetric-key block cipher algorithm, AES, as the new encryption standard to replace the DES Oct 2, 2000: Rijndael was selected Rijndael is designed by two Belgium cryptographers: Daemen and Rijmen Rijndael is a block cipher with a variable block size and variable key size The key size and the block size can be independently specified to 128, 192 or 256 bits 10

11 Asymmetric encryption techniques RSA: named after 3 inventors Rivest, Shamir và Adleman Two keys: public key and private key Public key is used for encrytion. Private key is used for decrytion 11

12 Digital signatures Digital signatures is a message signed with a user's private key can be verified by anyone who has access to the user's public key, thereby proving that the user signed it and that the message has not been tampered with Thus: Public key digital signatures provide authentication and data integrity A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information 12

22 Perfect encryption For a plaintext M, a crypto algorithm A and a cryptographic key K, the ciphertext M is calculated as follows: M = A(K,M) = {M} K Without the key K (in the case of a symmetric cryptosystem), or the matching private key of K (in the case of an asymmetric cryptosystem), the ciphertext {M} K does not provide any cryptanalytic means for finding the plaintext message M The ciphertext {M} K and maybe together with some known information about the plaintext M do not provide any cryptanalytic means for finding the key K (in the case of a symmetric cryptosystem), or the matching private key of K (in the case of an asymmetric cryptosystem) 22

24 Dolev-Yao threat model Malice (can): can obtain any message passing through the network is a legitimate user of the network, and thus in particular can initiate a conversation with any other user will have the opportunity to become a receiver to any principal can send messages to any principal by impersonating any other principal 24

25 Dolev-Yao threat model Malice (cannot): cannot guess a random number which is chosen from a sufficiently large space without the correct secret (or private) key, cannot retrieve plaintext from given ciphertext, and cannot create valid ciphertext from given plaintext, wrt. the perfect encryption algorithm 25

26 Dolev-Yao threat model Malice (cannot): cannot find the private component, i.e., the private key, matching a given public key while he may have control of a large public part of our computing and communication environment, in general, he is not in control of many private areas of the computing environment, such as accessing the memory of a principal's offline computing device 26

27 Dolev-Yao threat model Suppose that two principals Alice and Bob wish to communicate with each other in a secure manner Suppose also that Alice and Bob have never met before, so they do not already share a secret key between them and do not already know for sure the other party's public key Then how can they communicate securely over completely insecure networks? 27

28 Dolev-Yao threat model 28

29 Dolev-Yao threat model Problem: K created by Alice is not strong enough Bob is unhappy about this New protocol: Session key from Trent 29

32 Dolev-Yao threat model "Session key from Trent Malice must be a legitimate user known to Trent Inside attackers are often more of a threat than outsiders Fix: 1. Alice sends to Trent: Alice, {Bob} K AT ; 32

38 Perfect encryption for message authentication service Without the key K (in the case of a symmetric cryptosystem), or the matching private key of K (in the case of an asymmetric cryptosystem), the ciphertext {M} K does not provide any cryptanalytic means for finding the plaintext message M The ciphertext {M} K and maybe together with some known information about the plaintext M do not provide any cryptanalytic means for finding the key K (in the case of a symmetric cryptosystem), or the matching private key of K (in the case of an asymmetric cryptosystem) 38

39 Perfect encryption for message authentication service Without the key K, even with the knowledge of the plaintext M, it should be impossible for someone to alter {M} K without being detected by the recipient during the time of decryption 39

40 Perfect encryption for message authentication service Problem: message replay attack. Malice intercepts Alice's request, then: 1. Alice sends to Malice( Trent ) 2. Malice( Trent ) sends to Alice:{Bob,K'}K AT,{Alice,K'} K BT Two ciphertext blocks containing K' are a replay of old messages which Malice has recorded from a previous run of the protocol (between Alice and Bob) This attack will cause Alice & Bob to reuse the old session key K'. Since K' is old, it may be possible for Malice to have discovered its value (HOW?? homework). 40

42 Protocol challenge-response" Symmetric-key Authentication Protocol Needham and Schroeder which they published in 1978 Nonce: a number used once 42

43 Protocol challenge-response" 43

44 Protocol challenge-response" An attack on the Needham-Schroeder symmetric key authentication protocol: Bob thinks he is sharing a new session key with Alice while actually the key is an old one and may be known to Malice 44

51 Public-key Cryptosystems An attack on public key authentication protocol Found after 17 years Result: Bob thinks he is sharing secrets N A, N B with Alice while actually sharing them with Malice Method: Malice makes use of Alice as she is trying to establish a connection with him (Alice provides an oracle service) 51

52 Public-key Cryptosystems 52

53 Public-key Cryptosystems Malice may ask for a session key and Bob may believe that this request is from Alice Then, an example if Bob is a bank, Malice( Alice ) sends to Bob the following command: ' {NA, NB, "Transfer 1B from my account to Malice's"} K B 53

Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive

1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State

Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of

Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;

Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for

CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should

Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on

PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,

CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your

our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session

Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 8, 2015 at 12:47 Slideset 7: 1 Car Talk Puzzler You have a friend in a police state

Encryption I An Introduction Reading List ADO and SQL Server Security A Simple Guide to Cryptography Protecting Private Data with the Cryptography Namespaces Using MD5 to Encrypt Passwords in a Database

Introduction to Cryptography Ramki Thurimella Encryption & Decryption 2 Generic Setting 3 Kerckhoff s Principle Security of the encryption scheme must depend only on The secret key NOT on the secrecy of

Public Key Infrastructure What can it do for you? What is PKI? Centrally-managed cryptography, for: Encryption Authentication Automatic negotiation Native support in most modern Operating Systems Allows

Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.

[Part 2] Asymmetric-Key Encipherment Asymmetric-Key Cryptography To distinguish between two cryptosystems: symmetric-key and asymmetric-key; To discuss the RSA cryptosystem; To introduce the usage of asymmetric-key

Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries

The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables

4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data

PUBLIC KEY CRYPTO Anwitaman DATTA SCSE, NTU Singapore Acknowledgement: The following lecture slides are based on, and uses material from the text book Cryptography and Network Security (various eds) by

Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography Menu Some loose ends on WWII Maurice Burnett Modern Cryptography Modern

Logic of Authentication 1. BAN Logic Ravi Sandhu BAN Logic BAN is a logic of belief. In an analysis, the protocol is first idealized into messages containing assertions, then assumptions are stated, and

18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution

An overview and Cryptographic Challenges of RSA Bhawana Department of CSE, Shanti Devi Institute of Technology & Management, Israna, Haryana India ABSTRACT: With the introduction of the computer, the need

Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another

1 2 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform

Basics of Cryptography (1) Introduction Expectation Level one: know what they are, what they can achieve, and how to use them as tools. Level two: know how they work, how secure they are, and how to analyze